Thanks Lennart! Proxy roles do sound like the answer, but I cannot
get them working. When I restrict my private script so that only
Managers have View permissions and give my public script Manager proxy
roles, I am still prompted for a login box when I try to view the
public script. When I cancel, I get the following error:
Error Type: Unauthorized
Error Value: You are not allowed to access 'meta_type' in this context
This is different from the standard "You are not authorized to access
this resource. No Authorization header found." error which I get when
I try to access the private script directly, but conveys little to me.
What does it mean and how do I fix it?
On 2/11/06, Lennart Regebro <[EMAIL PROTECTED]> wrote:
> On 2/11/06, Michael Shulman <[EMAIL PROTECTED]> wrote:
> > Is there a way in Zope to restrict permissions for direct access only
> > (i.e. calling an object through the web) but still allow indirect
> > access (i.e. executing an object that was called by another object
> > that was called through the web)?
> Yes. If that "other object" is disk-based python, it is most likely
> able to do it already. If it is a python-script, you can set it up to
> have a proxy role. That way your auxiliary scripts can all require
> manager roles, and you can give the scripts that need to call them the
> Manager proxy-role
> > Feel free to tell me that I am misunderstanding the way security
> > works, or is supposed to work, in Zope, or that if this is something I
> > need to do I am designing my site incorrectly from the point of view
> > of Zope security (and if so, what is the correct way to design it?).
> No you seem to have got it. Although the next time you do something
> that complex you might want to look into making a disk-based prodct
> instead. It's often easier for complex features.
> Lennart Regebro, Nuxeo http://www.nuxeo.com/
> CPS Content Management http://www.cps-project.org/
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -